Case study: Using risk information to enhance partner relationships

Will Foulds, Redstone Risk Ltd, Risk Management Expert

It’s All about Risk [and Benefits!]

APM Benefits Management SIG were delighted to welcome Will Foulds, a practitioner and specialist in enterprise risk management, to the third Benefits Summit to share his views and perspectives on the positive influence that improved risk visualisation and risk communication techniques can have in sustaining partner relationships. The fundamental issue is that if you get the relationships right your chances of ultimately delivering the end-benefits that in turn enable the achievement of investment focused business objectives are significantly higher.

Using Risk Data in Better Ways

Drawing on a specific case study from the UK Defence industry, Will explained that we have a tendency to use 'traditional' approaches to risk management that often struggle to bridge the gap between two parties, even though the intent is quite the opposite. Much of the information required to improve these relationships already exists, but to create more meaningful collaboration we should consider presenting this information in a different way.

Less Management and More Communication

With 15 years of consultancy experience, Will has witnessed at first-hand, like many of us, the emergence of risk management as an established project discipline. More recently it has become clear that the key to success in this area is not just the management of the risk but the communication of it.

Will demonstrated how he introduced a range of ways in which existing risk management information was used to create more meaningful, responsive and truly supportive relationships with business Partners that can be sustained in mutually beneficial ways.

Will explained that we use Risk Management as a way to reduce uncertainty and complexity in our projects. Yet, despite all our efforts, do we still find it an effective means to collaborate with our partners? The truth is, if we're honest with ourselves, risk management as a discipline does not seem to have significantly advanced in the last few decades [a bit like Benefits Management in that regard). We live in a very different world of globalisation, new cutting-edge technologies and constant change. However, we find that the same old ‘traditional’ methods of risk management are routinely rolled-out to assist highly-complex project and programme scenarios.

The Fog of Uncertainty

Will explained how project partners can become motivated by different objectives, ultimately to the detriment of the project and the relationship. Will gave an example of a major Defence project, where the customer [Front Line Command] and the contractor over time had different and competing strategic intents and incentives; the former became more interested in the objectives [maintaining UK military capability] and the latter more interested in the outputs [getting paid].

When you mix different procedures, emotions and perceptions you create a mismatch, which leads to a ‘fog’. This fog prevents us from really understanding what outcomes we want, and importantly what shared benefits we are jointly looking to achieve. The fog consists of three key elements: Uncertainty, Complexity and Barriers. Figure 1 below illustrates how the fog erodes joint working and reduces business benefits.

Figure 1: The ‘Fog’

As we all know, these ‘fog’ factors come in many different shapes and forms, but it is the combination of these factors that makes it difficult for partners to see a common benefit and so the incentive to collaborate is diminished. This is where risk management comes in to play; we use it as a means to understand complexity, reduce uncertainty and get people talking to each other.

Whilst ISO 31000 has undoubtedly helped to advance risk management, it is probably fair to say that risk management has had its challenges over the years, probably because people don’t see any value from their risk management processes.

Will pointed out that just by calling our process ‘joint’ doesn’t mean that we actually collaborate effectively together; it normally means we hold some risk review meetings in the same room. Yet, we begin to convince ourselves that we are collaborating and that we can therefore manage risk effectively.

Will added that many data repositories are dull. How many meetings have you been to where you’ve watched someone typing a series of risks in a spreadsheet whilst 90% of the audience sit and watch them do it? No wonder the risk review meeting is the one people try to drop out of if they can. Risks are handled in a linear, static format, often not revisited until after a bid has been won or lost.

In recent projects that Will has been involved in, he has focused on getting greater benefit from the risk management process, but at the same time encourage partners to collaborate more effectively, understand more of the collective benefits they are working on together and attempt to make better use of existing risk data held in spreadsheets.

A Picture Paints a Thousand Words

He discovered that visualizing the risks using the latest devices created far greater engagement and depth of understanding across the partners. We all have smartphones, so why is the project management industry seemingly quite late to the party? Will the next generation of project managers be content to use tools like Microsoft Excel spreadsheets? No. Instead, they will probably think in rich pictures, colourful graphics and interactivity with a range of interactive devices.

Will stated that he used a tool called Sharpcloud to visualise three main risk elements [please note that the Sharpcloud screenshots shown in this post-event write-up are for illustrative purposes only and that original data has been replaced by random data].

Discrete to Systemic Risk Relationships: many systemic risks in a risk register do not adequately show their relationship to other more discrete items. Using a graphically rich format, we can instantly see the effect of systemic risks, traditionally hard to visualise across its constituent parts. This significantly focusses attention and saves management time spent managing a systemic risk and simply gets people talking.

Figure 2: Discrete to Systemic Risk Relationships [Sharpcloud]

Linking Benefits to Risks: How many of us assess risks against benefits? Possibly not that many. Normal approaches in a risk register will link a benefit to a risk, or vice versa, and that’s it. Using an interactive tool, we can see how a series of risks are linked to a single benefit. This may sound trivial, but if we can focus attention on the few risks that genuinely will affect key benefits the project is looking to deliver, and focus limited management resources in the right places, then that has to be a good thing!

Figure 3: Linking Benefits to Risks [Sharpcloud]

Assumptions: Accurate understanding of assumptions is critical in projects and programmes but they are all too often badly defined, structured and managed. Will has used risk visualisation to look at the risk, and work backwards [similar to a ‘risk bow-tie’ diagram] to understand what controls have been put in place, what causes exist and what underpinning assumptions have led to these causes? He has found this to be especially useful when looking to engage with assurance functions, as the direct link between a contractual assumption and the way in which a risk is priced can be demonstrated. Using the traditional method is was almost impossible to do this.

Figure 4: 21st Century Risk Visualisation [Sharpcloud]

It's all about Benefits [and Risk!]

Whilst risk visualisation is not a replacement for a good risk management process, it nevertheless complements the management framework, and related information, and provides different views on the results which in turn enables true collaboration.

In closing, Will described the key benefits that he discovered when using powerful and highly visual risk visualisation techniques:

Shared 'mental models' between Customer and the Contractor

Generation of dialogue, with a far more engaging story to tell

Helped break through the fog of uncertainty, complexity and barriers

Enabled Assurance to understand risk pricing more confidently

Uses a format we all use today i.e. smartphone interface

Will is the Owner and Director of new business venture Redstone Risk Ltd, helping companies to manage uncertainty and complexity more effectively through information and visualisation technology.

Having worked extensively with Magnox, NDA, LLWR, eDF and SSE, his experience in managing risk in these energy and utilities environments is impressive. He was previously Head of Risk at Navy Command HQ and also singularly developed a consultancy team from two to seventeen consultants with an annual turnover of £1.5M. Qualified with a Distinction in MSc Risk Management, Will is a Certified Fellow of the Institute of Risk Management (IRM) and is an external examiner for Glasgow Caledonian University.

In starting his own business, Will hopes to be able to take this idea further and push the boundaries of ‘traditional’ risk management application.You can follow Will on LinkedIn or on Twitter @redstoneriskltd